Guest Access Service Template

This template is designed for authenticating guest users who log in using a captive portal. A captive portal is a web page that allows users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for guest users. Guests must reauthenticate after session expiry. Guest access can be restricted based on day of the week, bandwidth limit, and number of unique devices used by the guest user.

To access the Guest Access service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. From the Service Templates & Wizards page, select Guest Access. The Service Templates - Guest Access page opens to the General tab.

Figure 1  Guest Access Service Template

Specify the parameters used in the Guest Access service template as described in the following table:

Table 1: Guest Access Service Template Parameters

| Parameter | Action/Description |
|---|---|
| **General** | |
| Select Prefix | Select any one prefix from the existing list of prefixes. This populates the pre-configured information in the Wireless Network Settings and Guest Access Restrictions sections. The Name Prefix field is not editable. |
| Name Prefix | Enter a prefix that you want to append to services using this template. Use this to identify services that use templates. |
| **Wireless Network Settings** | |
| Wireless SSID for Guest access | Enter the SSID (Service Set Identifier) value here. |
| Select wireless controller | Select the wireless controller from the drop-down list if you have already configured one. |
| Wireless controller name | Enter the name of the wireless controller. |
| Controller IP Address | Enter the wireless controller's IP address. |
| Vendor Name | Select the manufacturer of the wireless controller. |
| RADIUS Shared Secret | Enter the shared secret that is configured on the controller and inside Policy Manager to send and receive RADIUS (Remote Authentication Dial-In User Service) requests. |
| Enable RADIUS CoA | Select to enable RADIUS-initiated CoA (Change of Authorization) on the network device. |
| RADIUS CoA Port | Specifies the default port 3799 if RADIUS CoA is enabled. NOTE: Change this value only if you defined a custom port on the network device. |
| **Posture Settings** | |
| Enable Posture Checks | Select the check box to perform health checks post authentication. This enables the Host Operating System and Quarantine Message fields. |
| Host Operating System | Select the operating system: Windows, Linux, or macOS. |
| Quarantine Message | Specify the quarantine message that will appear on the client. |
| Initial Role/VLAN | Enter the initial role of the client before posture checks are performed. |
| Quarantine Role/VLAN | Enter the role of clients that fail posture checks. |
| **Guest Access Restrictions** | |
| Days allowed for access | Select the days of the week that guest users are allowed network access. |
| Maximum bandwidth allowed per user | Enter a number to set an upper limit on the amount of data, in megabytes (MB), that a user is allowed per day. A value of 0 (zero), the default, means no limit is set. |
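
How the RADIUS shared secret authenticates CoA traffic on port 3799, as an added example (not code from Policy Manager or the controller): it follows the RFC 5176 Request Authenticator calculation and shows why a mismatched secret or an altered attribute causes the request to be rejected. The secret, user name, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

COA_PORT = 3799            # default RADIUS CoA port named in the table above
COA_REQUEST = 43           # RFC 5176 CoA-Request code
DISCONNECT_REQUEST = 40    # RFC 5176 Disconnect-Request code


def _authenticator(code, ident, attrs, secret):
    """MD5(Code | ID | Length | 16 zero octets | Attributes | Secret), per RFC 5176."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Build a CoA/Disconnect request as the sending side would."""
    auth = _authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_request(packet, secret):
    """Return True only for a well-formed CoA/Disconnect request whose
    Request Authenticator matches the locally configured shared secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (COA_REQUEST, DISCONNECT_REQUEST) or length != len(packet):
        return False
    expected = _authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type | Length | Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


# Constructed sample: a CoA-Request carrying User-Name (type 1) for a guest session.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_PACKET = build_request(COA_REQUEST, 7, attr(1, b"guest01"), SAMPLE_SECRET)

if __name__ == "__main__":
    print("matching secret:   ", verify_request(SAMPLE_PACKET, SAMPLE_SECRET))
    print("mismatched secret: ", verify_request(SAMPLE_PACKET, b"other-secret"))
    tampered = SAMPLE_PACKET[:-1] + b"2"   # last byte of User-Name altered
    print("tampered attribute:", verify_request(tampered, SAMPLE_SECRET))
```

Because the only keying material in this check is the shared secret, the value entered in the RADIUS Shared Secret field should be long and random, and identical on the controller and in Policy Manager.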